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DETAILED ACTION 

Acknowledgements 

1 . This communication is in response to the Request for Continued Examination of 
Application No. 10/574,808 filed on 23 August 2010. 

2. Claims 101 -1 29 have been withdrawn by the Applicant. 

3. Claims 1 , 3-4, 8-1 0, 1 3-16, 1 8, 21 , 24, 26, 28-29, 35, 40-51 , 54-55, 59-60, 62-65, 
67, 70, 73, 75, 77-78, 84 and 89-100 have been cancelled by the Applicant. 

4. Claims 2, 5-7, 1 1 -1 2, 1 7, 1 9-20, 22-23, 25, 27, 30-34, 36-39, 52-53, 56-58, 61 , 
66, 68-69, 71-72, 74, 76, 79-83, 85-88 and 130 are currently pending and have been 
fully examined. 

5. For the purpose of applying the prior art, PreGrant Publications will be 
referred to using a four digit number within square brackets, e.g. [0001]. 

Examiner's Comments/Remarks 

6. Applicant's response, filed on 23 August 201 0, has fully be considered, but are 
moot in light of new grounds of rejections necessitated by Applicant's newly added 
limitations. 

As to claim 103, Applicant recites, "...apparatus if a match is...." The MPEP 
interprets claim limitations that contain "if, may, might, can, when and could" 
statement(s), as optional language. As matter of linguistic precision, optional claim 
elements do not narrow claim limitations, since they can always be omitted. 1 Language 

1 In re Johnston, 77 USPQ2d 1 788 (Fed. Cir. 2006); As matter of linguistic precision, optional claim elements do not 
narrow claim, since they can always be omitted; in present case, elements of dependent claim directed to large 
diameter spirally formed pipe, which recite "further including that said wall may be smooth, corrugated, or profiled with 
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that suggests or makes optional but does not require steps to be performed or does not 
limit a claim to a particular structure does not limit the scope of a claim or claim 
limitation. 2 3 4 5 

Clauses (e.g. whereby, thereby, wherein) that merely states the result of the 
limitation(s) of a claim(s) does not limit the scope of the claim(s). 6 Therefore, as recited 
in claim 7, "...module is operable to authenticate the terminal in the mobile and/or 
cellular telecommunication system," for example, will not limit the scope of the claim. 

Examiner would like to point out that the language of claim 5, describes, "non- 
functional descriptive material." For example, as to claim 5, Applicant recites, "...which 
the authentication storage device respective to that user corresponds to or simulates...." 
However, this is an example of non-functional descriptive material. 7 

Claim 56 contains similar language found in claim 5. 



increased dimensional proportions as pipe size is increased," do not narrow scope of claim compared to claims 
lacking those elements, since elements are stated in permissive form "may." 

2 MPEP §2106 II C; Language that suggest or makes optional but does not require steps to be performed or does not 
limit a claim to a particular structure does not limit the scope of a claim or claim limitation; 

3 Intel Corp. v. Int'l Trade Comm'n, 20 USPQ2d 1 161 (Fed. Cir. 1991); Because the language of claim 1 refers to 
"programmable selection means" and states "whereby when said alternate addressing mode is selected" (emphases 
added), the accused device, to be infringing, need only be capable of operating in the page mode. Contrary to Gl/M's 
argument, actual page mode operation in the accused device is not required. 

4 In re Venezia, 189 USPQ 149 (CCP.A. 1976); However, we found that the claim did not positively recite any 
structural relationship between the two elements identified as [1 ] and [2], in its recitation of what may or may not 
occur. We concluded that the claim failed to comply with section 112, second paragraph, in "failing distinctly to claim 
what appellant in his brief insists is his actual invention." 

5 In re Collier, 158 USPQ 266 (CCPA 1968); It has been held that actions that may or may not be done is indefinite 
and does not distinguish the claim from the prior art; 

6 MPEP §21 1 1 .04[R-3]; MPEP §21 06 II C; MPEP §21 14; 

7 In re Gulack, 217 USPQ 401 (Fed. Cir. 1983), In re Ngai, 70 USPQ2d (Fed. Cir. 2004), In re Lowry, 32 USPQ2d 
1031 (Fed. Cir. 1994); Where the printed matter is not functionally related to the substrate, the printed matter will not 
distinguish the invention from the prior art in terms of patentability ....[T ]he critical question is whether there exists 
any new and unobvious functional relationship between the printed matter and the substrate; 
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In light of Applicants' choice to pursue method claims, Applicants are also 
reminded that functional recitations using the word "for," "configured to," or other 
functional terms 8 (e.g. see claim 7, which recites, "... wherein the smart card or 
subscriber identity module is operable to authenticate...") have been considered but are 
not given patentable weight 9 because they fail to add any structural limitations and are 
thereby regarded as intended use language. To be especially clear, all limitations have 
been considered; however, a recitation of the intended use in a method claim must 
result in a structural difference between the claimed product and the prior art in order to 
patentably distinguish the claimed product from the prior art. If the prior art structure is 
capable of performing the intended use, then it reads on the claimed limitation. 10 
Unless expressly noted otherwise by the Examiner, the claim interpretation principles in 
this paragraph apply to all examined claims currently pending. 

Claim 58 contains similar language found in claim 7. 

Examiner would like to point out that the language of claim 1 1 describes, "non- 
functional descriptive material." For example, as to claim 1 1 , Applicant recites, 
"...storage device is incorporated on a data carrier for data or software for use by that 



8 MPEP§2106IIC; 

9 In re Gulack, 703 F. 2d 1381, 217 USPQ 401, 404 (Fed. Cir. 1983)(stating that although all limitations must be 
considered, not all limitations are entitled to patentable weight); 

10 In re Casey, 370 F.2d 576, 152 USPQ 235 (CCPA 1967) ("The manner or method in which such machine is to be 
utilized is not germane to the issue of patentability of the machine itself."); In re Otto, 136 USPQ 458, 459 (CCPA 
1963); Ex parte Masham, 2 USPQ2d 1647 (1987); A recitation directed to the manner in which a claimed apparatus is 
intended to be used does not distinguish the claimed apparatus from the prior art- if the prior art has the capability to 
so perform. 

See also MPEP §§ 2114 and 2115. 



USPTO 



Page 4 



6/1/2011 



Application/Control Number: 10/574,808 



Page 5 



Art Unit: 3685 

data processing apparatus." However, this is an example of non-functional descriptive 



Examiner would also like to point out that Official Notice was used in the previous 
office action mailed on 23 February 2010 to indicate that predetermined authentication 
information stored by each authentication storage means corresponding to information 
which is used to authenticate a telecommunications terminal of that user in relation to 



the telecommunications system but the authentication process for authenticating the 
transaction by that user with the data processing apparatus not requiring use of that 
user's telecommunications terminal. 12 Since Applicant has not attempted to traverse 



11 In re Gulack, 217 USPQ 401 (Fed. Cir. 1983), In re Ngai, 70 USPQ2d (Fed. Cir. 2004), In re Lowry, 32 USPQ2d 

1 031 (Fed. Cir. 1 994); Where the printed matter is not functionally related to the substrate, the printed matter will not 
distinguish the invention from the prior art in terms of patentability ....[T ]he critical question is whether there exists 
any new and unobvious functional relationship between the printed matter and the substrate; 

12 Rodriguez et al. , (US 2003/0202661 );[001 4] In summary, embodiments of the invention provide for the distribution 
and management of authorization tokens (from a distribution entity 106) that allows a source server (upon successful 
authentication) to create a working key for encryption of a large video or data file. The process may also insert a 
small encrypted header in the file that can only be seen by the intended user with the proper authorization token and 
password. The key is discarded after the encryption process is completed and is never stored. The encrypted file may 
then travel securely to a destination server. The intended user at the destination server will need a corresponding 
authorization token (sent by the distribution entity 1 06) and associated password in order for the software agent on 
the server to successfully recreate the key for decryption. The keys are created when the authorization token 
compares a user password (e.g., in a donqle), and file header for authentication. 

[001 5] During the transport of the video or data file, a second level of encryption may be applied to the file to ensure it 
is received by authorized recipients only. Those systems with non-authorized receivers will drop the packets 
due to wrong authentication (e.g., a smart card may be used for such authentication). 

[0051] FIGS. 4A and 4B illustrate a secure theater content distribution data flow. Referring to FIG. 4A, a studio/post- 
production facility (i.e., in a media content provider 102 and protection entity 104) prepares the content 1 10 for 
distribution to the distribution entity 106. As illustrated, digital media content 110 such as a movie is obtained from a 
digital source master 402. Using a studio token, a compression/encryption server 116 prepares (e.g., compresses 
and encrypts) the content 1 1 0. As used herein the studio token 404 may comprise a software code delivered to the 
studio/post production facility 1 02/1 04 (e.g., on a floppy disk). The compression/encryption server 1 1 6 authenticates 
the studio token 404 to determine if the studio token 404 received is the studio token 404 expected (i.e., whether the 
password in the studio token 404 is authentic/valid). In this regard, a variety of authentication techniques may be 
utilized to authenticate the studio token 404. For example, a donqle may be utilized to authenticate the studio token 
404 (as described in more detail below with respect to a theater token). Further, a password in the donqle may be 
used to authenticate a user. Alternatively, a stronger authentication mechanism (e.g., biometrics such as 
fingerprint, or retinal scan readers) may also be used to authenticate the user. 



material.' 
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this Official Notice statement, examiner is taking the common knowledge or well-known 
statement to be admitted prior art. 13 

Examiner would also like to point out that Official Notice was used in the previous 
office action mailed on 4 May 2009 to indicate that incorporating an authentication 
storage means on a data carrier is old and well known in the art. Since Applicant has 
not attempted to traverse this Official Notice statement, Examiner is taking the common 
knowledge or well-known statement to be admitted prior art. 14 

Continued Examination Under 37 C.F.R.- §1.114 

7. A request for continued examination under 37 CFR §1.114, including the fee set 
forth in 37 CFR §1.1 7(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR §1.114, and the fee set 
forth in 37 CFR §1.1 7(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR §1.114. Applicant's submission filed on 23 
August 2010 has been entered. 

Claim Rejections - 35 USC §112 

8. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 



13 MPEP 2144.03 C; 

14 MPEP 2144.03 C; 
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9. Claims 2, 5-7, 1 1 -1 2, 1 7, 1 9-20, 22-23, 25, 27, 30-34, 36-39, 52-53, 56-58, 61 , 
66, 68-69, 71 , 72, 74, 76, 79, 80-83, 85, 86-88 and 103 are rejected under 35 
U.S.C. 112, first paragraph, as failing to comply with the written description requirement. 
The claim(s) contains subject matter which was not described in the specification in 
such a way as to reasonably convey to one skilled in the relevant art that the 
inventor(s), at the time the application was filed, had possession of the claimed 
invention. 

As to claim 52, Applicant recites, "generate transaction data related to the 

transaction;" however, in regards to "transaction data" Applicant's Specification recites: 

[0008] According to a another aspect of the invention, there is provided a method of 
facilitating transactions between a plurality of users registered with an authentication 
system and plurality of product or service providers, the method including: [0009] 
providing each user with authentication storage means storing predetermined 
authentication information, each authentication storage means being coupleable to data 
processing apparatus for data exchange therewith; [001 0] generating in response to a 
request, made using data processing apparatus, from a user to a product or service 
provider a transaction request data packet including data indicative of the identity 
of the user and the identity of the product or service provider ; [001 1 ] transmitting the 
transaction request data packet to the authentication system via the data processing 
apparatus; 

[0012] analysing in the authentication system the transaction request data packet and 
extracting therefrom the identity of the user: 

Applicant's Specification seems to be silent the "generation" of transaction data. 



As to claim 103, Applicant recites, "generating, by the data processing apparatus 

of the entity using the supplied data, transaction data relating to the desired 

transaction of the one user;" however, in regards to "transaction data" Applicant's 

Specification recites: 

[0008] According to a another aspect of the invention, there is provided a method of 
facilitating transactions between a plurality of users registered with an authentication 
system and plurality of product or service providers, the method including: [0009] 
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providing each user with authentication storage means storing predetermined 
authentication information, each authentication storage means being coupleable to data 
processing apparatus for data exchange therewith; [001 0] generating in response to a 
request, made using data processing apparatus, from a user to a product or service 
provider a transaction request data packet including data indicative of the identity 
of the user and the identity of the product or service provider ; [001 1 ] transmitting the 
transaction request data packet to the authentication system via the data processing 
apparatus; 

[0012] analysing in the authentication system the transaction request data packet and 
extracting therefrom the identity of the user; 

The Applicant's Specification seems to be silent Applicant's "transaction data." The 

Examiner interprets " transaction data " to be distinguishable from user ID information. 

Claims 2, 5-7, 1 1 -1 2, 1 7, 1 9-20, 22-23, 25, 27, 30-34, 36-39, 53, 56-58, 61 , 66, 

68-69, 71 , 72, 74, 76, 79, 80-83, 85, 86-88 are also rejected for being dependent upon 

rejected claims 52 and 103. 

Claim Rejections - 35 USC §112 

1 0. The following is a quotation of the second paragraph of 35 U.S.C. §112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

1 1 . Claims 2, 5-7, 1 1 -1 2, 1 7, 1 9-20, 22-23, 25, 27, 30-34, 36-39, 52-53, 56-58, 61 , 
66, 68-69, 71-72, 74, 76, 79-83, 85-88 and 103 are rejected under 35 U.S.C. §112, 
second paragraph, as being indefinite for failing to particularly point out and distinctly 
claim the subject matter which applicant regards as the invention. 

As to claim 52, Applicant recites, "generate transaction data related to the 

transaction;" however, in regards to "transaction data" Applicant's Specification recites: 

[0008] According to a another aspect of the invention, there is provided a method of 
facilitating transactions between a plurality of users registered with an authentication 
system and plurality of product or service providers, the method including: [0009] 
providing each user with authentication storage means storing predetermined 
authentication information, each authentication storage means being coupleable to data 
processing apparatus for data exchange therewith; [001 0] generating in response to a 
request, made using data processing apparatus, from a user to a product or service 
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provider a transaction request data packet including data indicative of the identity 
of the user and the identity of the product or service provider ; [001 1 ] transmitting the 
transaction request data packet to the authentication system via the data processing 
apparatus; 

[0012] analysing in the authentication system the transaction request data packet and 
extracting therefrom the identity of the user; 

Applicant's Specification seems to be silent the "generation" of transaction data. 

It is unclear what "transaction data" is generated. 15 Therefore, the scope of the claim is 

not clear. One of ordinary skill in the art would not be reasonably apprised of the scope 

of the invention. 

As to claim 103, Applicant recites, "generating, by the data processing 

apparatus of the entity using the supplied data, transaction data relating to the desired 

transaction of the one user;" however, Applicant's Specification recites: 

[0008] According to a another aspect of the invention, there is provided a method of 
facilitating transactions between a plurality of users registered with an authentication 
system and plurality of product or service providers, the method including: [0009] 
providing each user with authentication storage means storing predetermined 
authentication information, each authentication storage means being coupleable to data 
processing apparatus for data exchange therewith; [001 0] generating in response to a 
request, made using data processing apparatus, from a user to a product or service 
provider a transaction request data packet including data indicative of the identity 
of the user and the identity of the product or service provider ; [001 1 ] transmitting the 
transaction request data packet to the authentication system via the data processing 
apparatus; 

[0012] analysing in the authentication system the transaction request data packet and 
extracting therefrom the identity of the user; 

In regards to "transaction data" it is not clear where this information is derived 

and acquired from (e.g. is the transaction data stored within the SIM card itself or is it 

information inputted by the user)? 16 Therefore, the scope of the claim is not clear. One 



15 In re Zletz,13 USPQ2d 1320 (Fed. Cir. 1989); An essential purpose of patent examination is to fashion claims that 
are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed... 

16 In re Zletz,13 USPQ2d 1320 (Fed. Cir. 1989); An essential purpose of patent examination is to fashion claims that 
are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed... 
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of ordinary skill in the art would not be reasonably apprised of the scope of the 
invention. 

As to claim 17, Applicant recites, "including the step of operatively coupling the 
authentication storage device...." However, it is not clear what is actually performing 
the coupling or how it is being accomplished; therefore, the scope of the claim is not 
clear. One of ordinary skill in the art would not be reasonably apprised of the scope of 
the invention. 

As to claim 17, Applicant recites, "...authentication storage device for 

communication over a carrier . ..." However, in regards to "a carrier," Applicant's 

specification recites: 

[0064] In an alternative arrangement, a data carrier may be provided with means for 
storing predetermined information such as in one of the forms described above-that is, a 
SIM or (more probably) software simulating a SIM. The simulated SIM is associated with 
data stored on the data carrier. The data carrier may, for example, be a DVD or CD 
ROM or some other similar data carrier, a nd the data thereon may be software or a 
suite of software. 

Therefore, it is not clear what is meant by "over a carrier" (e.g. over a DVD)? 17 
Therefore, the scope of the claim is not clear. One of ordinary skill in the art would not 
be reasonably apprised of the scope of the invention. 

As to claim 52, Applicant recites, "...with the data processing apparatus not 
requiring use of that user's telecommunications terminal ." However, the scope of 
the claim is not clear. For example, does the Applicant infer that no information is 



17 In re Zletz,13 USPQ2d 1320 (Fed. Cir. 1989); An essential purpose of patent examination is to fashion claims that 
are precise, clear, correct, and unambiguous. Only in this way can uncertainties of claim scope be removed... 
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received from the user's telecommunications terminal? The appropriate correction is 
required. 

Claims 2, 5-7, 11-12, 17, 19-20, 22-23, 25, 27, 30-34, 36-39, 53, 56-58, 61, 66, 
68-69, 71 , 72, 74, 76, 79, 80-83, 85 and 86-88 are also rejected for being dependent 
upon rejected claims 52 and 103. 

Claim Rejections - 35 USC §103 
1 0. The following is a quotation of 35 U.S.C. §1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 



1 1 . Claims 2, 5-7, 1 1 -1 2, 1 7, 30-31 , 36-39, 52-53, 56-58, 61 , 66, 79-80, 85-88 and 
130 are rejected under 35 U.S.C. §1 03(a) as being unpatentable over Malinen et a/ ., 
(US 2003/0028763) (" Malinen ") and in further view of Chappuis (US 2003/01 71 993) 
(" Chaoouis "). 
As to claim 130: 

For purposes of examination the claim is being interpreted as follows that Malinen 

teaches substantially as claimed: 

storing, on at least one authentication storage device of an authenticator of a 
telecommunications system, selected ones of a plurality of respective 
predetermined authentication information of each respective ones of the plurality 
of users, the respective predetermined authentication information corresponding 
to an actual authenticating information of a mechanism provided in a 
telecommunications terminal of each respective user which telecommunications 
terminal is associated with the telecommunications system ([0009], [0067], 
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[0079], [0084]); 

initiating by one user a desired transaction with the entity, said initiating step 
including the steps of establishing a communication between a transaction 
manager of the one user and a data processing apparatus of the entity and 
supplying of data by the user to the data processing apparatus of the entity 
([0009], [0067], [0079], [0084], Figure 10); 

authenticating the one user to the data processing apparatus of the entity before 
completing the transaction, said authenticating step including the steps of 
establishing a connection, via a common telecommunications system, between 
the data processing apparatus of the entity and the authentication storage device 
of the authenticator having the predetermined authentication information of the 
one user, implementing the transaction manager of the user by the data 
processing apparatus of the entity,... between the data processing apparatus of 
the entity and the telecommunications system, and transmitting the actual 
authenticating information of the telecommunications terminal of the user to the 
authenticator, said transmitting step not requiring use of the telecommunications 
terminal of the user (Abstract, [0006], [0009], [0023], [0081], [0083]-[0084], 
[0011], [0076], [0080], [0083], [0085]-[0086], [0118], [0130]-[0131], [0162], 
[0180]-[0181], [0200], Figures 2, 8-10); 

comparing the predetermined authentication information of the authentication 
storage device with the actual authenticating information by the authenticator to 
determine if there is a match, and communicating a match to the transaction 
manager ([0011], [0086], [0094], [0145], [0205], [0215], [0237], Claim 16, Figure 
10); 

completing the desired transaction of the one user by the data processing 
apparatus if a match is communicated to the transaction manager ([001 1], 
[0086], [0094], [0145], [0205], [0215], [0237], Claim 16, Figure 10); 

Malinen does not expressly teach: 

generating, by the data processing apparatus of the entity using the supplied 
data, transaction data relating to the desired transaction of the one user; 

said implementing step including the step of transmitting the transaction data; 

However, Chappuis expressly teaches: 

generating, by the data processing apparatus of the entity using the supplied 
data, transaction data relating to the desired transaction of the one user ([0108], 
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[0167], [0189], [0211], [0249]); 

said implementing step including the step of transmitting the transaction data 
([0108], [0167], [0189], [0211], [0249]); 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 

invention to modify Malinen to include the features of Chaoouis because is order to 

process a transaction a plurality of different types of information may be used to process 

such transaction. 

As to claims 2 and 53: 

Malinen expressly teaches: 

in which the predetermined authentication information stored by each 
authentication storage device corresponds to information which is used to 
authenticate a user of that authentication storage device in relation to the 
telecommunications system ([0009], [0067], [0079], [0084]); 

As to claims 5 and 56: 

Malinen expressly teaches: 

wherein each user is authenticated in the telecommunications system by a smart 
card or subscriber identity module, and in which the authentication storage 
device respective to that user corresponds to or simulates the smart card for that 
user ([0024], [0067], [0074], [0080], [0084]). 

As to claims 6 and 57: 

Malinen expressly teaches: 

wherein the smart card or subscriber identity module... after the smart card or 
subscriber identity module is operable in a terminal usable in a mobile and/or 
cellular telecommunications system (Abstract, [0006], [0009], [0011], [0067], 
[0074], [0080]). 

Malinen does not expressly teach: 

authenticates the transaction; 
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authenticates the transaction ([0019], [0023]-[0032], [0036], [0038]-[0039], 
[0051], [0053], [0101], [0104], [0107]-[0108], [0121]); 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 

invention to modify Malinen to include the features of Chappuis because is order to 

process a transaction a plurality of different types of information may be used to process 

such transaction. 

As to claims 7 and 58: 

Malinen expressly teaches: 

wherein the smart card or subscriber identity module is operable to authenticate 
the terminal in the mobile and/or cellular telecommunications system (Abstract, 
[0006], [0009], [0011], [0067], [0074], [0080]). 

As to claims 11: 

Malinen expressly teaches: 

in which the authentication storage device is incorporated on a data carrier for 
data or software for use by that data processing apparatus ([0009], [0067], 
[0079], [0084], Figures 8-10); 

As to claims 12 and 61: 

Malinen expressly teaches: 

in which the authentication step includes the steps of sending of a message and 
generating of a response dependent on the message and the predetermined 
information ([0011], [0062], [0074], [0081], [0085], [0088], Figures 3, 6, 10). 
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As to claims 17 and 66: 

For purposes of examination the claim is being interpreted as follows that Malinen 
expressly teaches: 

further including the step of operatively coupling the authentication storage 
device for communication over a carrier with the transaction manager ([0074], 
[0119], [0725]); 

As to claims 30 and 79: 

Malinen discloses as discussed above; however, Malinen does not expressly disclose: 

wherein the data processing module of the carrier decrypts encrypted data 
received from the data processing module of the data processing apparatus. 

However, Chappuis expressly teaches: 

wherein the data processing module of the carrier decrypts encrypted data 
received from the data processing module of the data processing apparatus 
([0041], [0048], Claim 23) 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 

invention to modify Malinen to include the features of Chappuis because is order to 

keep data secure, encryption may be employed. 

As to claims 31 and 80: 

Malinen discloses as discussed above; however, Malinen does not expressly disclose: 

wherein the data processing module of the carrier encrypts data transmitted to 
the data processing module of the data processing apparatus. 

However, Chappuis expressly teaches: 

wherein the data processing module of the carrier encrypts data transmitted to 
the data processing module of the data processing apparatus ([0041], [0048], 
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Claim 23); 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 
invention to modify Malinen to include the features of Chaoouis because is order to 
keep data secure, encryption may be employed. 

As to claims 36 and 85: 

Malinen expressly teaches: 

including routing communications between the authentication storage device and 
the telecommunications system via the transaction manager ([0009], [001 1], 
[0074]). 

As to claims 37 and 86: 

Malinen expressly teaches: 

wherein the transaction manager is implemented by the data processing 
apparatus ([0009], [0011], [0074]). 

As to claims 38 and 87: 

Malinen expressly teaches: 

wherein the transaction manager detects the operative coupling of the 
authentication storage device ([0080]-[0082], [0084]-[0085], Figure 1). 

As to claims 39 and 88: 

Malinen expressly teaches: 

wherein the transaction manager transmits data... to the entity to which that 
transaction relates ([0084]-[0086], [0088], [0095]-[0097], [01 01 ]-[01 04]). 

Malinen does not expressly teach: 

relating to an authenticated transaction; 
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relating to an authenticated transaction ([0019], [0023]-[0032], [0036], [0038]- 
[0039], [0051], [0053], [0101], [0104], [0107]-[0108], [0121]); 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 

invention to modify Malinen to include the features of Chappuis because is order to 

process a transaction a plurality of different types of information may be used to process 

such transaction. 

As to claim 52: 

Malinen expressly teaches: 

with a data processing apparatus (Abstract, [0005]-[0007], [0070]-[0074]); 

a selected one of a plurality of authentication storage devices in operative 
association with the data processing apparatus, each said authentication storage 
device storing predetermined authentication information relating to the carrying 
out of the authentication (Abstract, [0006], [0009], [001 1], [0016], [0067]); and 

a common telecommunications system which is registerable with the plurality of 
the authentication storage devices ([0157], [0180]); 

a communications link with the telecommunications system by which the 
authentication storage devices operatively associated with the data processing 
apparatus to carry out the authentication process (Abstract, [0006], [0009], 
[0011], [0016], [0076], [0079], Figure 8-10); 

an authenticating device incorporated in the telecommunications system by 
which the authentication process is carried out and which involves the use of the 
predetermined authentication information respective to the user stored by the 
selected one authentication storage devices (Abstract, [0006]-[0007], [0009], 
[0011], [0023], [0070]-[0074]); 

the data processing apparatus comprising at least a transaction manager through 
which communications between the data processing apparatus and the 
telecommunications system are transmitted and through which the 
predetermined authentication information is also transmitted between the 
authentication storage devices and the telecommunications system, the 
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transaction manager being implemented by the data processing apparatus 
(Abstract, [0006], [0009], [0011], [0016], [0076], [0079], Figure 8-10); 

the predetermined authentication information being stored by each authentication 
storage device corresponding to information which is used to authenticate a 
telecommunications terminal of that user in relation to the telecommunications 
system but the authentication process for authenticating the transaction by that 
user with the data processing apparatus not requiring use of that user's 
telecommunications terminal ([0009], [0067], [0079], [0084]); 

Malinen does not expressly teach: 

the entity being operable to generate transaction data relating to the transaction; 

However, Chappuis expressly teaches: 

the entity being operable to generate transaction data relating to the transaction 
([0108], [0167], [0189], [0211], [0249]); 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 

invention to modify Malinen to include the features of Chappuis because is order to 

process a transaction a plurality of different types of information may be used to process 

such transaction. 

1 2. Claims 1 9-20, 22-23, 25, 27, 68-69, 71 -72, 74 and 76 are rejected under 

35 U.S.C. §1 03(a) as being unpatentable over the combination of Malinen/Chappuis 

and in view of Tavloe . (US 5,933,785) C' Tavloe "). 

As to claims 19 and 68: 

The combination of Malinen/Chappuis discloses as discussed above; however, the 

combination of Malinen/Chappuis does not expressly teach: 

wherein the carrier is operatively coupled to the data processing apparatus by a 
wireless link. 
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However, Tayloe expressly teaches: 

wherein the carrier is operatively coupled to the data processing apparatus by a 
wireless link ((Col. 4, lines 45-65)). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 

invention to modify the combination of Malinen/Chappuis to include the features of 

Tavloe because having a carrier coupled to a apparatus via a wireless link provides for 

efficient and easy access to processing apparatus. 

As to claims 20 and 69: 

The combination of Malinen/Chappuis discloses as discussed above; however, the 

combination of Malinen/Chappuis does not expressly teach: 

wherein the authentication storage device is removably coupled to the carrier. 

However, Tavloe expressly teaches: 

wherein the authentication storage device is removably coupled to the carrier 
(Abstract, (Col. 1, lines 14-21), (Col. 2, lines 59-67),(Col. 4, lines 1-17)). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 

invention to modify the combination of Malinen/Chappuis to include the features of 

Tavloe because it may be desired to interchange authentication storage means with 

different types of carriers. 

As to claims 22 and 71 : 

Malinen expressly teaches: 

comprising the step of using said carrier to obtain user security data 
independently of the data processing apparatus, and analysing the user security 
data for determining whether to allow access to the predetermined 
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information([0009], [0067], [0079], [0084]); 

As to claims 23 and 72: 

The combination of Malinen/Chappuis discloses as discussed above; however, the 

combination of Malinen/Chappuis does not expressly teach: 

wherein the security data is obtained by alphanumeric data entry. 

However, Tavloe expressly teaches: 

wherein the security data is obtained by alphanumeric data entry ((Col. 3, lines 
15-22), (Col. 5, lines 55-60), Figure 1). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 

invention to modify the combination of Malinen/Chappuis to include the features of 

Tavloe because alphanumeric data entry allows for a well know method of inputting 

data which provides access to control information. 

As to claims 25 and 74: 

The combination of Malinen/Chappuis discloses as discussed above; however, the 

combination of Malinen/Chappuis does not expressly teach: 

wherein the user security data comprises a Personal Identification Number (PIN) 
and the analysing step compares the PIN obtained by the security data entry 
device with a PIN stored on the authentication storage device and only allows 
access to the predetermined information when the respective PINs match. 

However, Tavloe expressly teaches: 

wherein the user security data comprises a Personal Identification Number (PIN) 
and the analysing step compares the PIN obtained by the security data entry 
means with a PIN stored on the authentication storage means and only allows 
access to the predetermined information when the respective PINs match ((Col. 
2, lines 59-67)). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 
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invention to modify the combination of Malinen/Chappuis to include the features of 
Tayloe because it may be desirable to provide some type of security to ensure that only 
properly authorized user's have access to information on the SIM or smart card. 

As to claims 27 and 76: 

Malinen expressly teaches: 

wherein communication with the data processing apparatus is controlled by a 
data processing module (Abstract, [0006]-[0007], [0009], [0011]). 

1 3. Claims 32-34 and 81-83 are rejected under 35 U.S.C. §1 03(a) as being 
unpatentable over the combination of Malinen/Chappuis/ Ta vloe and in further view of 
Schneier et aL (US 2003/0177347) C Schneien . 
As to claims 32 and 81 : 

The combination of Malinen/Chappuis/Tavloe discloses as discussed above; however, 

the combination of Malinen/Chappuis/Ta vloe does not expressly disclose: 

wherein the respective data processing modules comprise a key for allowing 
encryption and/or decryption of data. 

However, Schneier expressly teaches: 

wherein the respective data processing modules comprise a key for allowing 
encryption and/or decryption of data ([0138]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 

invention to modify the combination of Malinen/Chappuis/Tavloe to include the features 

of Schneier because it may be desirable to maintain data security by ensuring a 

decryption/encryption process is being employed between device communications with 
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each other. 

As to claims 33 and 82: 

The combination of Malinen/Chappuis/Ta vloe discloses as discussed above; however, 

the combination of Malinen/Chappuis/Tayloe does not expressly disclose: 

wherein the key comprises a shared secret key for each of the respective data 
processing modules. 

However, Schneier expressly teaches: 

wherein the key comprises a shared secret key for each of the respective data 
processing modules ([0212]). 

Therefore, it would have been obvious to one of ordinary skill in the art at the time of the 

invention to modify the combination of Malinen/Chappuis/Tayloe to include the features 

of Schneier because it may be desirable to maintain data security by ensuring a 

decryption/encryption process is being employed between device communications with 

each other. 

As to claims 34 and 83: 

Malinen expressly teaches: 

wherein the carrier is operatively coupled to a plurality of authentication storage 
means for respectively enabling the said authentication process and one or more 
other authentication processes ([0003], [0024], [0074]); 

Conclusion 

1 4. The prior art made of record and not relied upon is considered pertinent to 
Applicant's disclosure. 
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